Category: Privacy/Governance Feed

A new FBI advisory warned that North Korean IT worker schemes have escalated their activities in recent months to include data extortion – Read More  –  

SentinelOne researchers highlighted similarities in the approaches used by the HellCat and Morpheus ransomware groups, suggesting shared infrastructure – Read More  –  

Threat actors chained Ivanti CSA vulnerabilities for RCE, credential theft & webshell deployment – Read More  –  

Arbitrage betting fraud rises, forcing bookmakers to adopt stricter measures against automated scams – Read More  –  

Splunk reveals that 82% of CISOs now report directly to the CEO, but many lack EQ – Read More  –  

The network equipment giant urged customers to patch immediately – Read More  –  

Cybercriminals are selling access to the malicious GenAI chatbot via Telegram, providing rapid assistance for a range of nefarious activities, according to Abnormal Security – Read More  –  

President Trump has pardoned the founder of original dark web marketplace Silk Road – Read More  –  

Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA – Read More  –  

PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign – Read More  –  

New ESET research reveals that 73% of UK educational institutions experienced at least one cyber-attack or breach in the past five years – Read More  –  

NCC Group observed 574 global ransomware attacks in December, the highest monthly volume it has recorded – Read More  –  

Cyble has found thousands of security vendors’ credentials on the dark web, likely pulled from infostealer logs – Read More  –  

Netwrix claims 84% of healthcare organizations detected a cyber-attack in the past year – Read More  –  

Cloudflare warns of a surge in hyper-volumetric DDoS after revealing it stopped a massive 5.6Tbps attack – Read More  –  

Murdoc_Botnet used Mirai malware to exploit IoT vulnerabilities, targeting devices globally – Read More  –  

Security experts have outlined security and privacy concerns around the UK government’s GOV.UK Wallet, which will allow citizens to store all their ID documents in a single place – Read More  –  

A CloudSEK report revealed Zendesk’s platform can be exploited for phishing and investment scams – Read More  –  

Data from DLA Piper showed a 33% year-on-year fall in GDPR fines issued in Europe in 2024, with total penalties reaching €1.2bn – Read More  –  

Critical flaws include those in Oracle Supply Chain products – Read More  –  

Sophos has warned of IT impersonation vishing attacks designed to remotely deploy ransomware – Read More  –  

ISACA research claims privacy budgets are set to decline further in 2025 – Read More  –  

In today’s interconnected digital world, where data drives decision-making and innovation, safeguarding personal information has become an absolute necessity…. The post DPDP Act 2023: Key Updates and What’s New in 2025 for Data Protection appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

HPE is investigating claims of data breach by hacker IntelBroker, who offered stolen files for sale – Read More  –  

Android apps, linked to APT group DONOT, disguised as a chat platform for intelligence gathering – Read More  –  

The December 2024 cyber-attack on the country’s state registers, was attributed to Russian military intelligence services – Read More  –  

The US has issued sanctions against an individual and a company involved in recent high-profile compromises of government officials by Chinese state-affiliated hackers – Read More  –  

CIA analysts Asif William Rahman has pleaded guilty to sharing classified documents about an Israeli attack – Read More  –  

At least half a million accounts have been compromised after a breach at hotel management software firm Otelier – Read More  –  

The Supreme Court has upheld a law that could potentially ban TikTok in the US – Read More  –  

SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments – Read More  –  

Microsoft highlighted a new Star Blizzard campaign targeting WhatsApp accounts, as the group adapts its TTPs following the takedown of its infrastructure by law enforcement – Read More  –  

AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi are accused of operating unlawful data transfers to China – Read More  –  

The EU’s DORA regulation is in effect as of January 17, with mixed evidence around compliance levels among financial firms – Read More  –  

Middle East real estate scams are surging as fraudsters exploit online listings and bypassed due diligence checks – Read More  –  

Truth Social, launched by the Trump Media & Technology Group in 2022, has become a hotspot for scams like phishing and investment fraud – Read More  –  

The US President’s second cybersecurity Executive Order will impose stricter security standards on software providers – Read More  –  

Compliance with the Digital Operational Resilience Act (DORA) has cost many businesses over €1 million, according to research from Rubrik – Read More  –  

The leak likely comes from a zero-day exploit affecting Fortinet’s products – Read More  –  

HP Wolf highlighted novel techniques used by attackers to bypass email protections, including embedding malicious code inside images and utilizing GenAI – Read More  –  

A proposed settlement order from the FTC will require GoDaddy to strengthen its security practices following multiple data breaches at the web hosting giant – Read More  –  

A new EU action plan will be structured around four pillars: prevention, threat detection and identification, response to cyber-attacks and deterrence – Read More  –  

CISA launched the JCDC AI Cybersecurity Playbook to enhance collaboration on AI cybersecurity risks – Read More  –  

The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity firm Sekoia.io – Read More  –  

A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure – Read More  –  

Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024 – Read More  –  

The security provider published mitigation measures to prevent exploitation – Read More  –  

Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickle Tapestry orchestrating scams to support North Korean interests – Read More  –  

Patch Tuesday saw Microsoft fix eight zero-days, three of which are being actively exploited – Read More  –  

A new Interim Final Rule on Artificial Intelligence Diffusion issued in the US strengthens security, streamlines chip sales and prevents misuse of AI technology – Read More  –